שינויים במבחן CISSP ובחומרי הלימוד - מרץ 2015

(ISC)² CISSP and SSCP Domain Refresh FAQ

Q: Why are changes being made to the CISSP and SSCP exams?

A: Amidst the changes in technology and the evolving threat landscape occurring in the information security field, (ISC)²® has an obligation to its membership to maintain the relevancy of its credentials. These enhancements are the result of a rigorous, methodical process that (ISC)² follows to routinely update its credential exams. This process ensures that the examinations and subsequent continuing professional education requirements encompass the topic areas relevant to the roles and responsibilities of today’s practicing information security professionals.

Q: How is the CISSP exam changing?

A: The CISSP exam is being updated to stay relevant amidst the changes occurring in the information security field. Refreshed technical content has been added to the Official (ISC)² CISSP CBK to reflect the most current topics in the information security industry today. Some topics have been expanded (e.g., asset security, security assessment and testing), while other topics have been realigned under different domains. The result is an exam that most accurately reflects the technical and managerial competence required from an experienced information security professional to effectively design, engineer, implement and manage an organization’s information security program within an ever-changing security landscape.

As a result of the content refresh, we have updated some of the domain names to describe the topics accurately.

A: The content of the SSCP has been refreshed to reflect the most pertinent issues that security practitioners currently face, along with the best practices for mitigating those issues. Some topics have been expanded (e.g., cloud security, virtual environments), while others have been realigned. The result is an exam that most accurately reflects the technical and practical security knowledge that is required for the daily job functions of today’s frontline information security practitioner.As a result of the content refresh, we have updated some of the domain names to describe the topics accurately.

SSCP Domains, Effective April 15, 2015

Access Controls

Security Operations and Administration

Risk Identification, Monitoring, and Analysis

Incident Response and Recovery

Cryptography

Networks and Communications Security

Systems and Application Security

Q: How does the SSCP now relate to the CISSP?

A: Both credentials reflect knowledge of information security best practices, but from different facets. SSCPs are typically more involved in hands-on technical, day-to-day operational security tasks with competencies in implementing, monitoring and administering IT infrastructure in accordance with information security policies, procedures and requirements that ensure data confidentiality, integrity and availability. CISSPs, while also technically competent, typically design, engineer, implement and manage the overarching enterprise security program.SSCPs and CISSPs speak the same information security language, yet each have unique perspectives that complement each other across various IT departments and businesses.

Q: When will these changes go into effect?

A: The changes will begin on Wednesday, April 15, 2015 when the English versions of the CISSP and SSCP exams will be available (see below for translated exam availability).

Q: In what languages will the refreshed CISSP and SSCP exams be available?

A: The refreshed CISSP and SSCP exams will be available on April 15, 2015.

Q: Why will different translations be made available at different times and why will some languages not be made available during certain periods of time?

A: (ISC)² maintains a methodical quality assurance process for translating its credential examinations to ensure accuracy of translated terms from English into local languages around the world. As soon as the refreshed CISSP and SSCP exams are available in English, (ISC)² starts a meticulous translation process to provide candidates with the most current exams in local languages as timely as possible.

Q: Will this change the number of questions or the time required to take the CISSP or SSCP exam?

A: No. Both the CISSP and SSCP exams will have the same number of questions, and the time required to take either exam will be the same.

Q: Since the CISSP has changed from ten domains to eight domains, was some content deleted?

A: No. Content was not removed from the exam and/or training material, but rather refreshed and reorganized to include the most current information and best practices relevant to the global information security industry.

Q: Do these updates affect the experience requirements for the CISSP and/or SSCP?

A: No. For the CISSP, a candidate is required to have a minimum of 5 years of cumulative paid full-time work experience in two out of the eight domains (experience in two out of the total number of domains) of the CISSP CBK.

No. For the SSCP, a candidate is required to have a minimum of 1 year of cumulative paid full-time work experience in one or more of the seven domains of the SSCP CBK.

Q: I already hold the CISSP and/or SSCP. How will these changes affect my CPE submissions?

A: Beginning April 15, 2015, all global CISSPs and SSCPs will be required to submit their continuing professional education (CPE) credits in accordance with the refreshed eight domains of the CISSP and seven domains of the SSCP.

Q: What impact do these changes have on (ISC)² training materials?

A: Official (ISC)² CISSP and SSCP training materials, aligned to the refreshed domains, will be available according to the following schedule: